It sounds like your needs are beyond what Jamf offers. The Allowed Apps from Appstore Only is an MDM Configuration from Jamf Pro with managing gatekeeper trust app locations, not Jamf Protect. Jamf Pro does support Application Blacklisting, but I would not recommend relying on that function and only use it for situations that matter to device management, like blocking an macOS installer or messages.app for example. Jamf Protect is more or less an EDR and cannot manage application white/blacklisting.
What you need is a permissions management tool. I suggest looking into something like CyberArk EPM. This will allow you to remove Admin access from your users (which they should not have anyway) and elevate the various functions your users need to perform without them having admin access. You can also set up application white/blacklists and target the policies at user/devices specifically to block or allow applications, and binaries based on role.
